The Salvation Army has become the latest high profile organisation to be battered by a ransomware attack after charity bosses have been forced to admit that hackers have infected its systems and purloined its data.
The Christian organisation, which was founded in 1865 in London, has been rocked by a very modern problem. Back in April, British spy chief and GCHQ director Jeremy Fleming warned businesses that the scale and severity of ransomware is growing at an alarming rate as cyber criminals look to exploit poor cybersecurity to maximise profit.
The Register has reported that the charity first noticed the attack around a month ago, which is believed to have affected a London data center used by the charity, and is thought to be still negotiating with the attackers over the incident.
A spokeswoman said: “We are investigating an IT incident affecting a number of our corporate IT systems. We have informed the Charity Commission and the Information Commissioner’s Office, are also in dialogue with our key partners and staff and are working to notify any other relevant third parties.
“We can also confirm that our services for the vulnerable people who depend on us are not impacted and continue as normal.”
The Salvation Army has refused to give any further details, such as the identity of the criminal attackers, or the volume and type of data accessed by them, although supporters are being urged to be vigilant; the charity brings in more than £130m a year through fundraising activities.
According to its full accounts for the year 2020 the two charity trusts registered by the UK arm of the organisation registered revenues of £240.822m and £160.4m respectively.
The charity’s biggest single fundraiser is its Christmas appeal, which generates around £16m each year. It also has a number of other fundraising options, including regular and one-off gifts, “in memory” donations and will services.
Its 2020 accounts show that it raised nearly £53m from legacies, just over £58m from public donations and nearly £19m from members.
An ICO spokesperson said: “People have the right to expect that organisations will handle their personal information securely and responsibly. If an individual has concerns about how their data has been handled, they should raise it with the organisation first, then report them to us if they are not satisfied with the response.”
Last summer, some 166 UK organisations, among them top UK universities and charities, contacted the ICO to report their data had been compromised in a major breach at US cloud and education software giant Blackbaud.
Spy chief warns of ‘alarming’ increase in ransomware
Blackbaud breach sparks legal threat to UK universities
National Trust among 125 hit by Blackbaud hack in UK
Crisis donors hit as fears grow over Blackbaud breach
Clients demand answers as cloud giant admits breach
Gold diggers: cyber criminals driven by the filthy lucra
Hack attack fears push UK cyber security to over £8bn